[tor-bugs] #2320 [Tor Client]: var_cell_t with payload_len 0 risky
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Dec 29 05:25:42 UTC 2010
#2320: var_cell_t with payload_len 0 risky
------------------------+---------------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.2.x-final
Component: Tor Client | Version:
Keywords: | Parent:
------------------------+---------------------------------------------------
Comment(by arma):
Replying to [ticket:2320 arma]:
> He reported it with the phrase "lets assume no alignment", but I think
alignment is not relevant here -- even if var_cell_t is padded internally,
we're still going to fail to allocate that last byte, which is where
cell->payload will be.
Actually, maybe I take that back. If "uint8_t payload[1]" is treated like
"uint8 payload", then it might be padded inside the struct, and thus the
first byte or three of payload will be allocated.
Heck if I know what various compilers would do. Let's make it so we don't
need to find out. :)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2320#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list